Security Alert – DoS Vulnerability in Soft Fork
Affected Configurations: Geth 1.4.8
Likelihood: High
Severity: High
Details:
An attack vector has been identified in the newly released DAO soft fork implementation. The fork enactment code in geth (and other clients) allows EVM code to run up to the block gas limit without paying gas fees. This may slow down mining and may keep legitimate transactions from being included.
If the gas limit of block 1800000 exceeds 4000000 gas (i.e. the community vote on activating the fork fails), the soft fork will not be activated. In that case, the attack cannot be carried out.
Impact on expected chain reorganization depth: none
Proposed workaround:
- Run geth 1.4.7
- Run geth 1.4.8 without the –dao-softfork command line option.
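
An operator-side check for the conditions above, as an added example that is not part of the original alert or of geth: it classifies a node from its version string, its command line, and a JSON-RPC `eth_getBlockByNumber` response for block 1800000. The status names and function names are hypothetical, the option is matched as spelled in this alert with dashes ignored, and the sample input is constructed.

```python
import json
import re

AFFECTED_VERSION = (1, 4, 8)   # geth release named in the alert
FORK_BLOCK = 1800000           # block whose gas limit decides activation
GAS_THRESHOLD = 4000000        # above this the soft fork is not activated


def softfork_option_set(argv):
    """True if the soft fork option appears, whatever dash style was used."""
    names = (arg.split("=", 1)[0] for arg in argv)
    return any(re.sub(r"[-\u2013\u2014]", "", n).lower() == "daosoftfork" for n in names)


def fork_ruled_out(rpc_json):
    """None while block 1800000 is unmined, else whether its gas limit exceeds 4000000."""
    block = json.loads(rpc_json).get("result")
    if block is None:
        return None
    if int(block["number"], 16) != FORK_BLOCK:
        raise ValueError("response is not for block %d" % FORK_BLOCK)
    return int(block["gasLimit"], 16) > GAS_THRESHOLD


def assess(version_text, argv, rpc_json):
    """Classify a node against the alert's affected configuration and workaround."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if match is None:
        raise ValueError("no version number in %r" % version_text)
    if tuple(map(int, match.groups())) != AFFECTED_VERSION:
        return "OUTSIDE_ALERT"
    if not softfork_option_set(argv):
        return "WORKAROUND_APPLIED"
    ruled_out = fork_ruled_out(rpc_json)
    if ruled_out is None:
        return "PENDING_VOTE"
    return "FORK_RULED_OUT" if ruled_out else "EXPOSED"


if __name__ == "__main__":
    # Constructed sample: a 1.4.8 node started with the option, block not mined yet.
    pending = '{"jsonrpc": "2.0", "id": 1, "result": null}'
    print(assess("1.4.8", ["geth", "--dao-softfork"], pending))
```

A gas limit of exactly 4000000 does not exceed the threshold, so the check reports such a node as exposed.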
Follow-up:
We are considering the available options. The community can avoid the negative consequences of a soft fork by voting against it until a better solution is found. As far as we know, funds cannot be recovered from the affected DAOs until July 14, 2016. There is no emergency that requires blocking transactions immediately while further proposals are pending.